Design and Vulnerability Analysis in ATM LAN Backbones


Design and Vulnerability Analysis in ATM LAN Backbones (HS-IDA-EA-98-609)

Egir Örn Leifsson (egir@student.his.se)

Department of Computer Science University of Skövde, Box 408

S-54128 Skövde, SWEDEN

Final Year Project in Computer Science, Spring 1998. Supervisors: Bengt Eftring, Jörgen Hansson


Submitted by Egir Örn Leifsson to Högskolan Skövde as a dissertation for the degree of BSc, in the Department of Computer Science.

[1998-09-16]

I certify that all material in this dissertation which is not my own work has been identified and that no material is included for which a degree has previously been conferred on me.


Egir Örn Leifsson (egir@student.his.se)

Key words: Data Communication, Network, Network Design, Vulnerability Analysis, ATM, TCP/IP, Internet, Backbone.

Abstract

Many small to medium sized computer networks currently in use around the world are based on techniques allowing communications only in the 10 Mbps range. Due to the ever increasing amounts of traffic more efficient network solutions are becoming increasingly important, especially in establishment-wide backbones. ATM is a very interesting choice for network backbones, since it provides virtually seamless integration with existing LANs and a platform for future transitions into more advanced LAN environments. Since network solutions often cost a great deal of money and need to function well in order to properly support users, much thought must be put into how a particular network should be designed. This work concentrates on that problem, the design of an ATM backbone. To be more exact, an existing network infrastructure based partially on ATM LAN needs to be expanded, resulting in a new network backbone based purely on ATM LAN.

When a new network has been designed it is desirable to know what its weak points are and how likely it is that service will be interrupted. For this reason a vulnerability analysis of certain elements in the ATM infrastructure has been performed. This analysis is very lightweight and easy to understand and interpret. There are several reasons for not performing a severely comprehensive analysis. For example, a lightweight analysis can be performed rapidly and is easy to maintain as the network evolves. In order to enable the analysis to be performed rapidly a method for lightweight vulnerability analysis has been constructed.

The result of this work is a new ATM backbone design based on a number of ATM nodes and a natively connected router. The probability of certain failures in this structure has been calculated and recommendations for recovery from failures constructed.


Contents

Sammanfattning

1 Introduction

1.1 Report Structure

2 Background

2.1 Ethernet

2.2 ATM LAN

2.3 Terminology

2.3.1 Some General Terms

2.3.2 Network Design

2.3.3 Network Vulnerability Analysis

3 Problem Description

3.1 Current Situation

3.2 Expanding the Network

3.3 Network Vulnerability Analysis

4 Methodology

4.1 Network Design

4.2 Network Vulnerability Analysis

4.2.1 Probability of Failures

4.2.2 Redistribution of Network Resources

5 Implementation/Results

5.1 Network Design

5.2 Network Vulnerability Analysis

5.2.1 Probability and Recovery

5.2.2 Redistribution Scheme

6 Conclusion

6.1 Future Work

Acknowledgements


Sammanfattning (Swedish summary, translated)

Many of today's small and medium-sized data networks are based on techniques that do not allow communication speeds far above 10 Mbps. Because the traffic in these networks is constantly increasing, new, highly efficient network solutions have now started to become important, especially in backbones. ATM is a very interesting option for backbones since it can be integrated relatively easily with existing LANs and form a platform for future steps towards more advanced LANs. Since network solutions often cost a lot of money and must work well in order to support the operations in which they are used, it is important to put effort into producing a good network design. In this report we focus on precisely this problem, network design. To be more exact, an already existing backbone built partly on ATM LAN is to be expanded into a network based entirely on ATM LAN.

When a new network design has been produced it is important to understand where the weaknesses in the network lie and how likely it is that the network service will be interrupted. For this reason a vulnerability analysis of certain parts of the ATM infrastructure has been carried out. This analysis is small-scale and easy to understand and interpret. There are a number of reasons for not carrying out a more comprehensive analysis. For example, the analysis can be carried out quickly and the results are easy to maintain as the network changes. In order for the vulnerability analysis to be carried out quickly, a method for small-scale vulnerability analyses has been developed.

The result of this work is a new design for an ATM backbone consisting of a number of ATM nodes and a router connected directly to the ATM network. The probability of certain failures in this structure has been estimated and recommendations for how failures should be handled have been produced.


1 Introduction

As mentioned in [Sta98] and [Max97], the TCP/IP protocol suite has since its development in the mid-1970s become the most commonly used networking protocol in the world. This is largely due to the fact that TCP/IP has established itself as the standard protocol of the Internet. An important factor in the success of TCP/IP in the LAN arena was the introduction of Ethernet. Until the early to mid-1980s TCP/IP had been confined to the US Department of Defense and related institutions. All this changed with the advent of Ethernet in the mid-1980s. Since TCP/IP was a stable, mature set of protocols many LAN vendors started implementing it in their Ethernet products. Thus, Ethernet and TCP/IP made their breakthrough in private networking hand in hand.

Stallings mentions [Sta98] how dramatically demands on computer networks have changed since Ethernet and TCP/IP made their debut on the LAN market. Today’s networks must support traffic with characteristics very different from the traffic generated on early networks. The average desktop computer has become very powerful and able to generate much greater volumes of traffic than early PCs. Client-server networking has also helped in increasing the amount of traffic on computer networks. The increased use of delay sensitive traffic, for example audio and video, has created a need for networks supporting real-time traffic.

Stallings also discusses a few different approaches to meeting these increased and changing demands on computer networks in [Sta98]. These approaches are discussed in chapter 2 but deserve a short mention here. In order to support higher transmission speeds, Ethernet has been spiced up not once but twice in the last few years, first from its original¹ 10 Mbps to 100 Mbps and then to a whopping 1 Gbps. This approach has its advantages, but lately technically superior ATM networks have appeared on the market and will probably give high-speed versions of Ethernet harsh competition.

The evolution of LANs has not only led to networks that support higher transmission rates and in certain cases real-time traffic. It has also led to increased and increasing complexity in computer networks. This makes it hard for the network administrator to get an overview of the network and its function (or lack thereof). With increasing complexity it becomes very important to know what effects a failure in one part of the network will have. All but the smallest LANs are now quite decentralized. In a network consisting of one hub and a few hosts, the whole network will stop functioning if the hub breaks down, but what happens in the event of failure in a network consisting of several hundred hosts and a collection of switches, hubs and even routers? In addition to knowing what happens in the event of failure, it is also important to be able to predict how likely it is that a failure will occur and how long it takes to repair.

Even though modern networking presents both the designer and the administrator with many problems, some of them big ones, solutions or at least ways of getting around the problems exist. Some of these are discussed later in this report.

The focus of this work is twofold. On one hand it deals with the expansion of an existing infrastructure based partially on ATM LAN to a pure ATM LAN backbone, and on the other hand with a vulnerability analysis of that same network. The network needs to be redesigned since a new router is to be natively connected to the ATM backbone, and this dramatically changes the scenario on which the older backbone design was based. Furthermore, the network is expanding and a new node needs to be integrated into the ATM topology. In order to be better prepared for failures in the network, it has been decided that a vulnerability analysis should be performed in parallel with the redesign effort. This analysis should give estimates of the probability of failures and recommendations as to how to react to these failures. Since this analysis needs to be performed rapidly and the results should be easy to keep up to date as the network evolves, a new method for vulnerability analysis is presented later in this report.

¹ The original commercially available Ethernet operated at 10 Mbps; the original experimental Ethernet, however, ran at 3 Mbps over coaxial cable [Sta98].

Since the work described in this report deals with expanding an existing ATM network and performing a vulnerability analysis on that network, the primary focus of the report is on ATM, although Ethernet is covered to some extent. Even so, some of the methods described, especially in the sections dealing with vulnerability analysis, can be used when working with other types of networks.

1.1 Report Structure

In chapter 2 background information is given. Computer networks and their building blocks in general are discussed, terms are defined and the current situation of the practical problem domain is described.²

Chapter 3 contains a definition of the problem to be tackled. This chapter is divided into three sections. The first two deal with network design and expanding existing networks. In the third section we discuss vulnerability analysis in computer networks. Chapter 4 focuses on the methodology of our approach; it consists of two sections dealing with network design and vulnerability analysis.

The results of our work are presented in chapter 5.

The final chapter presents conclusions and ideas for future work.



2 Background

This chapter provides background information and terminology necessary to understand the remainder of this report. The first and second sections deal with Ethernet and ATM respectively. These standards are described in sufficient detail for the reader to get a basic understanding of how they differ, but excruciatingly technical details are left out as they are not necessary to understand the principles. In the third section a number of terms are defined.

2.1 Ethernet

Ethernet has for some years now been by far the most popular standard for LANs. Work on Ethernet began at Xerox Palo Alto Research Center in 1972, and in 1980 formal specifications for Ethernet Version I were published by a consortium of companies consisting of DEC, Intel and Xerox [Arn97]. In 1985 the IEEE³ published an Ethernet standard called IEEE 802.3⁴ which has since been adopted by ISO⁵ and made an international networking standard [Arn97]. Note that for historical reasons IEEE 802.3 is very often referred to as Ethernet; this is also the case in this report.

Instead of giving a detailed description of Ethernet, this section gives the background information needed to understand the main differences between Ethernet and ATM. For a more thorough discussion the reader should consult [Arn97] or [Hal96].

In most cases Ethernet is implemented as either a 10 Mbps baseband coaxial cable network or as a 10 Mbps twisted-pair network (the latter being much more common in modern Ethernet implementations). The cable media supported for Ethernet include [Arn97][Hal96]:

• 10Base2 – Bus topology implemented with thin-wire (0.25-inch) coaxial cable. Maximum segment length of 200 meters and a maximum of 30 nodes per segment.

• 10Base5 – Bus topology implemented with thick-wire (0.5-inch) coaxial cable. Maximum segment length of 500 meters and a maximum of 100 nodes per segment.

• 10BaseT – Hub topology implemented with twisted-pair drop cables. Maximum length of 100 meters and a maximum of 1024 nodes per segment.

• 10BaseF – Hub topology implemented with optical fiber drop cables. Maximum length of 2000 meters and a maximum of 1024 nodes per segment.

The same medium access control method (MAC method), CSMA/CD,⁶ is used for all of these configurations. CSMA/CD is described later in this section.

As described in [Hal96] data is sent in frames in Ethernet. Each frame consists of several fields, including destination and source addresses, data and a frame check sequence used for error detection. The exact appearance of a frame is not important for this report; it suffices to mention that a frame can be anywhere from 512 to 1528 bits in size.

³ Institute of Electrical and Electronics Engineers

⁴ IEEE 802.3 is a standard for CSMA/CD networks.

⁵ International Standards Organization

⁶ CSMA/CD, carrier-sense multiple-access with collision detection, is the name of the medium access control method used in Ethernet.

Since Ethernet operates over a shared medium, only one end system is allowed to transmit at a time. This is enforced through CSMA/CD. In simplified terms CSMA/CD functions as follows.

When an end system wishes to transmit a frame it must first listen to the medium. If no other transmission is in progress the end system can transmit its data; otherwise it must wait until the medium becomes available. So far, so good, but unfortunately it is possible for two or more systems to start transmitting at approximately the same time. An example of this is two end systems, A and B, connected to a coaxial cable. When A decides it wants to transmit, it listens to the medium, detects no transmission and begins transmitting. A few microseconds later B also wants to transmit; due to latency in the medium it does not detect the transmission made by A and starts transmitting. This results in a collision, which must be resolved. The first system to detect the collision⁷ transmits a jam sequence, a random bit pattern that ensures the collision lasts long enough for the other systems involved to detect it. In the event of a collision some scheme for retransmission must be used; in Ethernet this is the binary exponential backoff algorithm. It involves waiting for a random amount of time and then trying to retransmit; if another collision occurs the system waits again, this time increasing the delay. After 16 failed transmission attempts it gives up.
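As an added illustration of the backoff scheme just described (example code, not from the thesis), the following Python model runs saturated stations through slotted CSMA/CD with truncated binary exponential backoff and counts how many slots are lost to collisions as the station count grows. The slot model is a deliberate simplification, and the cap of 2^10 on the backoff window is IEEE 802.3's, which the text does not mention; the 16-attempt limit is the one stated above.

```python
"""Slotted CSMA/CD model with truncated binary exponential backoff.

Assumptions (a simplification, not from the thesis): time is divided into
slots of one frame transmission each, every station always has a frame
waiting (saturated load), a slot with exactly one transmitter delivers a
frame and a slot with two or more transmitters is a collision. The cap of
2^10 on the backoff window is IEEE 802.3's and is not stated on the page;
the 16-attempt limit is."""
import random
from typing import Optional

MAX_ATTEMPTS = 16          # a frame is abandoned after its 16th collision
BACKOFF_EXPONENT_CAP = 10  # the window stops growing at 2^10 = 1024 slots


def backoff_window(collisions: int) -> int:
    """Size of the wait interval after `collisions` consecutive collisions."""
    return 2 ** min(collisions, BACKOFF_EXPONENT_CAP)


def backoff_slots(collisions: int, rng: Optional[random.Random] = None) -> int:
    """Wait drawn uniformly from [0, 2^min(k, 10) - 1] after the k-th collision."""
    rng = rng or random.Random()
    return rng.randrange(backoff_window(collisions))


def frame_abandoned(collisions: int) -> bool:
    """True once the station has collided MAX_ATTEMPTS times on the same frame."""
    return collisions >= MAX_ATTEMPTS


def simulate(stations: int, slots: int, seed: int = 1) -> dict:
    """Run `stations` saturated stations for `slots` slots and count outcomes."""
    rng = random.Random(seed)
    wait = [0] * stations      # slots to sit out before the station may transmit
    attempts = [0] * stations  # consecutive collisions suffered by the current frame
    delivered = dropped = collision_slots = idle_slots = 0
    for _ in range(slots):
        ready = [s for s in range(stations) if wait[s] == 0]
        if len(ready) == 1:
            delivered += 1
            attempts[ready[0]] = 0           # frame sent; the next one starts fresh
        elif len(ready) > 1:
            collision_slots += 1
            for s in ready:
                attempts[s] += 1
                if frame_abandoned(attempts[s]):
                    dropped += 1             # give up, move on to the next frame
                    attempts[s] = 0
                else:
                    # +1 because every counter is decremented at the end of this slot
                    wait[s] = backoff_slots(attempts[s], rng) + 1
        else:
            idle_slots += 1                  # everyone is backing off
        for s in range(stations):
            if wait[s] > 0:
                wait[s] -= 1
    return {"stations": stations, "slots": slots, "delivered": delivered,
            "dropped": dropped, "collision_slots": collision_slots,
            "idle_slots": idle_slots, "utilisation": delivered / slots}


if __name__ == "__main__":
    for n in (1, 2, 5, 20, 50):
        r = simulate(n, slots=2000)
        print(f"{n:3d} stations: utilisation {r['utilisation']:.2f}, "
              f"collision slots {r['collision_slots']}, dropped {r['dropped']}")
```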

In order to receive frames, every end system must constantly listen to the medium. When an end system detects a frame with its own address as the destination address, that frame is read from the network.

Ethernet is a rather simple networking scheme and the fact that it can operate on a wide variety of media has helped make it very popular. The main problem with Ethernet is that at relatively modest loads network performance begins to suffer greatly. This is a consequence of the CSMA/CD MAC scheme. In order to maximize performance and minimize collisions on an Ethernet network, Ethernet switches have been developed. These, in essence, provide a dedicated 10 Mbps connection on each port, thus greatly reducing collisions and in many cases giving a considerable performance boost to the network.

In order to meet demands for faster networks, the IEEE 802.3 standard has been upgraded twice. In June 1995 a standard called IEEE 802.3u was officially approved [Arn97]. This is a standard for Fast Ethernet; it basically operates exactly like IEEE 802.3 except that the bit rate has been increased to 100 Mbps and the maximum path lengths have been decreased. Since Fast Ethernet uses the same MAC method as traditional Ethernet it suffers from the same loss of performance at relatively modest loads. Recently, Ethernet has again been upgraded to bit rates of 1 Gbps. This version of Ethernet is called Gigabit Ethernet⁸ and it uses the CSMA/CD access method much like Fast Ethernet. In addition to these versions of Ethernet, a standard called IEEE 802.12 was developed at the same time as Fast Ethernet as a follow-up to IEEE 802.3. This standard provides the same MAC service interface as the previously mentioned versions of Ethernet but uses a different MAC protocol [Hal96]. IEEE 802.12 supports two priority levels of messages, giving some support for real-time traffic. Networks based on the IEEE 802.12 standard have not been widely implemented.

⁷ In order to detect collisions, systems must listen to the medium at the same time as they transmit.

Those interested in a more thorough discussion about Ethernet could, for example, consult [Hal96].

2.2 ATM LAN

This section focuses on the use of ATM to provide backbone services to legacy LANs.

It is mentioned in [Sta98] that Apple, Bellcore, Sun and Xerox have jointly identified three generations of LANs:

• First generation – Provides terminal-to-host connectivity and supports client-server architectures at moderate data rates. Examples of first generation LANs are Ethernet and token ring.

• Second generation – Responds to the need for backbone LANs and support for high-performance workstations. An example of a second generation LAN is the 100 Mbps Fiber Distributed Data Interface (FDDI).

• Third generation – Designed to provide the aggregate throughputs and real-time transport guarantees that are needed for multimedia applications. ATM LANs belong to the third generation.

As discussed in section 2.1, first generation LANs have reached speeds of 1 Gbps with the introduction of Gigabit Ethernet. Nevertheless, third generation ATM networks represent a superior technology. ATM networks can operate at speeds ranging from 25 Mbps into the gigabit range, support multiple, guaranteed classes of service, are highly scalable and facilitate internetworking between LAN and WAN technology. One reason why Fast and Gigabit Ethernet have become so popular is that they connect seamlessly to older 10 Mbps Ethernet networks. In order to meet the demand for support of legacy networks, ATM provides LAN emulation (LANE), which makes it possible to use ATM as a LAN backbone interconnecting, for example, old Ethernet-based networks. In addition to providing this interconnection between networks, it is possible to natively connect end systems to the ATM network when using LANE.

A backbone solution based on LANE requires that some new software elements be introduced to the network. These are the LAN emulation configuration server (LECS), the LAN emulation server (LES), the broadcast and unknown server (BUS) and a LAN emulation client (LEC) which sits at every ATM device and LAN switch. Because of this, a solution based on LANE is not as simple to implement as a solution based on Fast or Gigabit Ethernet. Therefore GIGArray has been developed. If there is no need for native ATM connections for end systems, GIGArray can give the benefits of an ATM backbone without the LANE software elements. End systems are then unaware of the existence of ATM in the backbone, but still benefit from it. The backbone still operates at high speeds, usually 155 Mbps or more, and can offer load balancing and alternate paths in the event of failure.

In addition to providing a high-speed and highly scalable backbone, ATM LANE and especially GIGArray provide a painless migration path from legacy networks based on Ethernet to an ATM-based LAN. This is an important concern when designing a backbone solution since it guarantees that the solution is compatible with tomorrow's third generation LANs, which will have to be able to carry real-time multimedia traffic.

Now on to the more technical aspects of ATM. As described in [Sta98], ATM, also known as cell relay, is in some ways similar to frame relay and packet switching using X.25. Like these methods, ATM allows multiple logical connections to be multiplexed over a single physical interface. The data sent on each logical connection is organized into fixed-size packets called cells. Contrast this with the variable-sized frames used in Ethernet. Since the cells are of a fixed size, the processing at each ATM node is simplified a great deal, thus enabling high data rates. In order to further support high data rates, ATM is a very streamlined protocol with minimal error and flow control capabilities, reducing the overhead of processing ATM cells. This is possible since ATM takes advantage of the reliability of modern digital transmission media, mainly optical fiber.

The figure below, from [Sta98, p76], shows a simplified version of the ITU-T⁹ standardized protocol architecture for ATM.

[Figure: ATM protocol architecture, top to bottom: Higher Layer, ATM Adaptation Layer (AAL), ATM Layer]

The ATM layer defines the transmission of data in fixed size cells and the use of logical connections, it is common to all services that provide packet transfer capabilities. The AAL deals with communication between the ATM layer and higher layers not based on ATM.

Some general examples of services provided by the AAL include [Sta98]:

• handling of transmission errors;

• segmentation and reassembly, to enable larger blocks of data to be carried by ATM cells; and

• flow and timing control.

⁹ International Telecommunications Union – Telecommunications Sector


The concept of logical connections in ATM is best explained with the aid of the following figure from [Sta98, page 77].

[Figure: a transmission path carrying several virtual paths, each of which carries several virtual channels]

A virtual channel connection (VCC), the smallest unit in the figure, is set up between two end systems through the network [Sta98]. Over a virtual channel the end systems can exchange cells in a full duplex, variable data rate environment. VCCs are also used for user to network control signaling and network management and routing. Stallings further explains that the virtual path connection (VPC) is a collection of VCCs that have the same end points and are switched along the same path through the network. This is done in order to minimize the cost of maintaining multiple connections between two points in the network. By bundling several VCCs in a single VPC, network management actions can be applied to the VPC instead of each individual VCC.

Some of the advantages of virtual paths are [Sta98]:

• Simplified network architecture – Network transport functions can be divided into those dealing with individual logical connections (VCCs) and those dealing with a group of logical connections (VPCs).

• Increased network performance and reliability – The network deals with fewer, aggregated entities.

• Reduced processing and short connection setup time – Once a virtual path is set up, the addition of a virtual channel to that path takes very little processing.

• Enhanced network services – In addition to being used internally in the network, virtual paths are also visible to the user. It is therefore possible for the user to define closed user groups or closed networks of virtual channels.

VPCs can be either permanent or dynamically requested by a user or the network itself.¹⁰

As already mentioned the ATM cells have a fixed size, where every cell consists of a 5-octet header and a 48-octet information field. The main reason given for using small, fixed size cells is that the queuing delay for a high priority cell arriving slightly after a low priority cell that has gained access to resources can be minimized [Sta98].

¹⁰ Actually, this is but half the truth. For example, VPCs are called semipermanent, not permanent. Readers interested in a more technically correct description of how VCCs and VPCs are established in ATM networks should consult [Sta98].

Small cells also appear to be switched more efficiently at high speeds, and since the cell size is fixed it is easier to implement the switching mechanisms in hardware. The format of a single cell is not very important in this discussion, but it can be mentioned that the header consists of 5 or 6 fields, depending on the type of cell, including the virtual path identifier (VPI) and the virtual channel identifier (VCI).
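As an added example (not code from the thesis), the following Python parser handles the 5-octet cell header just described in both its forms: the UNI header with six fields (GFC, VPI, VCI, PTI, CLP, HEC) and the NNI header with five (a 12-bit VPI replaces GFC and VPI). It also computes the header error control octet and shows how a receiver corrects a single flipped header bit. The field layout and the HEC polynomial are taken from the ITU-T I.361 and I.432 specifications rather than from the page, and the sample headers are constructed.

```python
"""ATM cell header: parse the 5-octet header, verify or compute the HEC and
correct a single-bit header error. Field layout per ITU-T I.361; HEC per
ITU-T I.432 (CRC-8 with generator x^8 + x^2 + x + 1 over the first four
octets, XORed with 0x55). Sample headers below are constructed."""
from dataclasses import dataclass
from typing import Optional

HEC_POLY = 0x07   # x^8 + x^2 + x + 1 (the x^8 term is implicit)
HEC_COSET = 0x55  # fixed pattern XORed into the CRC remainder


def crc8(data: bytes) -> int:
    """Bitwise CRC-8, non-reflected, initial value 0."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def compute_hec(first_four: bytes) -> int:
    """HEC octet protecting the first four octets of a cell header."""
    return crc8(first_four) ^ HEC_COSET


@dataclass
class CellHeader:
    gfc: Optional[int]  # generic flow control: 4 bits at the UNI, absent at the NNI
    vpi: int            # virtual path identifier: 8 bits (UNI) or 12 bits (NNI)
    vci: int            # virtual channel identifier: 16 bits
    pti: int            # payload type: 3 bits
    clp: int            # cell loss priority: 1 bit
    hec: int            # header error control octet as received
    hec_ok: bool        # True if the received HEC matches the other four octets


def build_header(vpi: int, vci: int, pti: int = 0, clp: int = 0,
                 gfc: int = 0, nni: bool = False) -> bytes:
    """Pack the fields into five octets, the last one being a correct HEC."""
    if not (0 <= vci < 2 ** 16 and 0 <= pti < 8 and clp in (0, 1)):
        raise ValueError("VCI is 16 bits, PTI 3 bits, CLP 1 bit")
    if nni:
        if gfc or not 0 <= vpi < 2 ** 12:
            raise ValueError("NNI header has a 12-bit VPI and no GFC")
        word = vpi << 20
    else:
        if not (0 <= gfc < 16 and 0 <= vpi < 256):
            raise ValueError("UNI header has a 4-bit GFC and an 8-bit VPI")
        word = (gfc << 28) | (vpi << 20)
    word |= (vci << 4) | (pti << 1) | clp
    first_four = word.to_bytes(4, "big")
    return first_four + bytes([compute_hec(first_four)])


def parse_header(header: bytes, nni: bool = False) -> CellHeader:
    """Split a 5-octet header into its fields and check the HEC."""
    if len(header) != 5:
        raise ValueError("an ATM cell header is exactly 5 octets")
    word = int.from_bytes(header[:4], "big")
    if nni:
        gfc, vpi = None, (word >> 20) & 0xFFF
    else:
        gfc, vpi = (word >> 28) & 0xF, (word >> 20) & 0xFF
    return CellHeader(gfc=gfc, vpi=vpi, vci=(word >> 4) & 0xFFFF,
                      pti=(word >> 1) & 0x7, clp=word & 0x1, hec=header[4],
                      hec_ok=header[4] == compute_hec(header[:4]))


def correct_single_bit_error(header: bytes) -> Optional[bytes]:
    """Return the header unchanged if its HEC verifies, the corrected header if
    exactly one single-bit flip makes it verify, otherwise None (the receiver
    discards the cell). This brute-forces the 40 bit positions; hardware uses
    a syndrome table for the same decision. A multi-bit error can be
    mis-corrected, which is why a receiver falls back to detection-only mode
    after performing a correction."""
    if parse_header(header).hec_ok:
        return header
    value = int.from_bytes(header, "big")
    candidates = []
    for bit in range(40):
        flipped = (value ^ (1 << bit)).to_bytes(5, "big")
        if flipped[4] == compute_hec(flipped[:4]):
            candidates.append(flipped)
    return candidates[0] if len(candidates) == 1 else None


# Headers defined by ITU-T: the unassigned cell (all zero, HEC 0x55) and the
# idle cell (CLP = 1, HEC 0x52).
UNASSIGNED_CELL_HEADER = bytes.fromhex("0000000055")
IDLE_CELL_HEADER = bytes.fromhex("0000000152")

if __name__ == "__main__":
    header = build_header(vpi=1, vci=32)   # constructed: user cell on VPI 1, VCI 32
    print(header.hex(), parse_header(header))
    damaged = bytes([header[0], header[1] ^ 0x08, header[2], header[3], header[4]])
    print(parse_header(damaged).hec_ok, correct_single_bit_error(damaged) == header)
```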

The GIGArray approach of implementing ATM LANs requires that permanent virtual paths (PVPs) be manually set up when the GIGArray is configured for the first time [Bay97b]. It is possible to provide load balancing and redundancy by setting up multiple PVPs between two points in the network, thus providing resilience to line faults or failure of intermediate switches.

One of the interesting aspects of ATM is its support for different service categories. The service categories as described in [Sta98] are:

Real-time service

• Constant bit rate (CBR)

• Real-time variable bit rate (rt-VBR)

Non-real-time service

• Non-real-time variable bit rate (nrt-VBR)

• Unspecified bit rate (UBR)

• Available bit rate (ABR)

Following is a brief excerpt of Stallings’ descriptions of these categories.

CBR is intended for applications that require a constant data rate available throughout the connection lifetime and a tight upper bound on transfer delay. Examples of such applications include uncompressed audio and video.

rt-VBR is intended for time sensitive applications that transmit at a rate that varies with time, e.g. compressed video.

nrt-VBR is intended for non-real-time data transfers that have critical response time requirements. The end system provides some information about the characteristics of the expected data flow in order to allow the network to provide improved quality of service (QoS) in the areas of loss and delay. Typical applications using this type of service are airline reservation systems and banking transactions.

With UBR, data is transmitted on a FIFO basis, using the capacity not consumed by other services. UBR could be used in, e.g., remote terminal applications and text/data/image transfers.

In ABR, applications specify a peak cell rate (PCR) and a minimum cell rate (MCR). The service then makes sure that the application receives at least its MCR. Unused capacity is then divided among ABR sources and capacity not used by ABR sources becomes available for UBR traffic. LAN interconnections, for example, should use ABR.

It should be obvious that when ATM is used solely to interconnect legacy Ethernet-based networks, these different service categories are of no help or concern to the end user. However, they will become increasingly important in future LANs as video and audio data transmissions become more common. An ATM-based backbone also provides an excellent migration path from Ethernet-based LANs to the more advanced ATM LANs of tomorrow. Through the use of GIGArray, ATM LANs provide seamless integration with an existing pure-Ethernet environment, a property which has been one of the strongest sides of Fast and Gigabit Ethernet. One area in which Ethernet-based high-speed networks still beat ATM is that of cost. Ethernet solutions are today (and will probably be for some time to come) somewhat cheaper than ATM LAN solutions.

2.3 Terminology

In this section a brief definition and explanation of a number of terms is provided. The first subsection defines general terms used throughout the report. In the two subsections that follow, we provide some insight into the terms network design and network vulnerability analysis. These sections provide a brief primer to help the reader get some idea of what is meant by the terms.

2.3.1 Some General Terms

Network/Data Network

In this report the terms network and data network will be used interchangeably to refer to a collection of links, hubs, switches, routers and other networking equipment operating on levels 1-3 in the OSI reference model and serving to connect a collection of end systems. Note that here end systems are considered to be connected to the network, rather than being a part of the network. This may differ from some popular definitions of the term, but it serves the purposes of this report well since the report deals with backbones and end systems are not considered. For a more comprehensive definition of the term the interested reader should study [Tan96] or [Hal96].

Network Segment

A network segment is a collection of links and networking equipment operating on levels 1 and 2 in the OSI reference model serving to connect a collection of end systems. A network can consist of a single segment or a collection of interconnected segments.

End System

A piece of equipment connected to and communicating over a computer network. This does not include devices such as switches and hubs that can be identified as a part of the network. End systems can, for example, be servers, workstations and printers.


LAN – Local Area Network

We adopt Halsall’s definition of a LAN, i.e., a LAN is a data network used to interconnect distributed communities of end systems within a building or a localized group of buildings [Hal96]. For example, a LAN can be used to interconnect workstations in an office building or distributed over a university campus.

WAN – Wide Area Network

A WAN is a data network connecting end systems or LANs located at geographically separate locations.

IP – Internet Protocol

IP is the protocol used on the Internet to enable two transporting entities to exchange message units. Among the services provided by IP are addressing, routing and fragmentation and reassembly of messages. For a comprehensive study of IP the reader should consult [Hal96, chapter 9.5].

Router

As explained in both [Arn97] and [Hal96] a router is a networking device used to provide interconnectivity between like and unlike LANs and/or WANs. A router operates on layer 3 of the OSI reference model. It is protocol sensitive, has a basic understanding of the network topology and is capable of routing packets according to some “best route” metric.

In addition to this, routers can be configured to control traffic flow between networks. For example, it is possible to limit access to LAN2 to a single computer on LAN1, leaving it inaccessible to all others.

In the following image, the router could, for example, be configured in such a way that end system 1 can communicate with end system 3, but not with end system 2.

For an introduction to the OSI reference model the reader could consult [Hal96].

[Figure: a router interconnecting Ethernet 1 and Ethernet 2, with end systems 1, 2 and 3 attached]


Backbone

A backbone is basically a network connecting a collection of network segments. As a general rule no end systems are directly connected to the backbone. One could say that a backbone is basically a network connecting networks. An example is an ATM network (backbone) connecting several Ethernet segments to form a single network.

Transmission Rate

Specifies how fast data can be sent over a data network. Transmission rates are usually in the Mbps (megabits per second) or Gbps (gigabits per second) range.

Redundancy

In certain networks more than one link may exist between two nodes. These redundant links can be used either for fault tolerance or for load balancing (involves routing data onto the least used or fastest link at any given moment).

Ethernet (IEEE 802.3)

The standard that has dominated local area networking over the last few years. Although other standards such as Token Ring (IEEE 802.5) have existed, Ethernet has clearly been the most popular LAN standard. Ethernet was described in further detail in section 2.1.

Fast Ethernet (IEEE 802.3u)

As the name implies, Fast Ethernet is simply a faster version of Ethernet. Fast Ethernet was more closely defined in section 2.1.

Gigabit Ethernet (IEEE 802.3z is the emerging standard)

A new version of Ethernet even faster than Fast Ethernet. Gigabit Ethernet is also discussed in section 2.1.

[Figure: Backbone connecting Segment 1 to Segment 5, each attached through a Router/Bridge/Switch.]


Ethernet Hub

An Ethernet hub is a device that makes it possible to emulate a bus topology through the use of a twisted pair star topology. In its simplest application a single hub can be used to connect a number of end systems. When the hub receives data on one of its ports, that data is repeated on all the other ports; thus every transmission is broadcast over the whole network, just as in a bus topology.

In the figure below, for example, only one end system can transmit at a time.

Ethernet Switch

Unlike a router, an Ethernet switch functions on layer 2 of the OSI reference model.11 It registers the hardware addresses of the networked equipment connected to it and forwards packets according to those addresses. When a packet is received on some port of the switch, it is only forwarded to the port where the intended recipient resides. In contrast, a hub would repeat the packet on all its ports. A switch therefore allows multiple simultaneous transmissions.

In the figure below end system 1 can, for example, communicate with end system 2 at the same time as end system 3 communicates with end system 4.

ATM – Asynchronous Transfer Mode

A relatively new networking technology developed as part of the B-ISDN12 effort and currently widely applied in non-B-ISDN network solutions. See section 2.2 for a more in depth discussion.

11 This is true of traditional Ethernet switches. In the last few months, however, layer 3 switches have been appearing on the market. These, as the name implies, function on OSIRM layer 3.

12 Broadband Integrated Services Digital Network.

[Figure: Hub connecting three End Systems; only one can transmit at a time.]

[Figure: Switch connecting End System 1, End System 2, End System 3 and End System 4.]


ATM Switch

The main building blocks of ATM networks are ATM switches. These handle the routing (switching) of ATM cells through the network. Note that ATM networks rely entirely on switching; there are no routers in the network.13

ATM Router

In this report the term ATM router refers to an IP/IPX/etc. router that connects natively to an ATM network. Note that this router does not route ATM cells; those are purely switched. Instead it assembles ATM cells into, for example, IP packets and then routes the packets.

LANE – LAN Emulation [Bay97a]

A method for providing LAN services on ATM networks. The network appears to the end user as a traditional LAN.

GIGArray [Bay97b]

A method to provide an ATM backbone for traditional LANs without the complexity of LANE. Does not support native ATM connections for end systems.

VLAN – Virtual LAN

A virtual LAN is a set of components connected together in a single layer 2 switching domain (also referred to as a bridging or broadcast domain). The only allowed connectivity (if any) between different virtual LANs is through a layer 3 router. [Bay97a]

The easiest way to think of a VLAN is as a traditional physical LAN. To the end user it behaves in the same way. The difference is that it is possible to configure a switch port anywhere on the network to reside on any VLAN, as opposed to actual physical LANs, which are confined to, for example, a building or a single floor.

MTBF – Mean Time Between Failure

According to [Spo93] MTBF for a specific product is calculated by the product vendor by using stress tests and certain theoretical model projections. MTBF figures are usually given in hours (hrs) or thousands of hours (khrs).

MTTR – Mean Time to Repair

The average time it takes to repair a given piece of equipment should it fail. Note that for most equipment this is a much shorter time than MTBF.

13


2.3.2 Network Design

In this report the term network design relates to the activity of designing data communication networks connecting a number of computers, printers and possibly other end systems. It is confined to the design of the actual network and does not include other higher-level decisions such as which network operating systems to use. In the figure below, only the part within the box would be considered in the design.

The general goal of any network design effort is to develop a data network that interconnects a number of end systems and provides them with connectivity. Unfortunately this over-simplified goal of design is not adequate. It can be compared to a design goal for an automobile, stating that a unit should be designed that transports people between places, saying nothing about, for example, comfort, speed and safety. In the same way network design goals must be stated in more detail than simply that the network should be built. Some of the things the designer must consider are:

• Responsiveness
• Reliability
• Fault tolerance
• Security
• Flexibility
• Usability
• Scalability
• Manageability
• Economics

In some cases the designer does not have to keep all of these in mind, particularly when designing a very small network, but in other cases even more aspects must be considered. It should be noted that some of the design goals may conflict; most notably, monetary cost seems to conflict with almost everything else, and some trade-offs almost always have to be made.

In short it can be said that network design is the process of implementing a data communications network while keeping in mind a myriad of factors, some of those conflicting.

2.3.3 Network Vulnerability Analysis

Technical equipment can fail. This is a fact of life that has all too often become painfully apparent. Unfortunately there is not much one can do to prevent such failures from occurring. What can be done is to prepare for these incidents in order to minimize their effect.

[Figure: End Systems attached to the network under design; only the part within the box is considered in the design.]


Network vulnerability analysis can be done in different ways and on different levels. Some examples of what an analysis effort might deal with are:

• locating weak points in the network;
• assessing the probability of failures;
• constructing recovery plans;
• assessing how long it takes to recover from failures;
• making cost assessments; and
• making recommendations for how to minimize the probability of failure.

Examples of questions that a department might want to have answered by an analysis are: How likely is it that our router will break down? What effect will this kind of failure have on the rest of the network? How much will it cost to repair or replace the router? How long will it take to repair or replace it? What can we do in the meantime? What can we do to minimize the risk of this event?


3 Problem Description

In this chapter we present the problems which are to be solved. The first section describes the network as it is today and how it has grown from a pure Ethernet based network to a network utilizing both Ethernet and ATM. In the second section the problem of further expanding the network design is described and some criteria that such an expansion must meet are presented. The third and final section discusses vulnerability analysis, why it should be carried out and which parts of the network should be included in the analysis.

3.1 Current Situation

Most departments and businesses today use some type of internal computer network. In most cases these networks operate in the 10 Mbps range and have no support for advanced functions such as real-time traffic and resource allocation. In recent years this scheme has worked well and in many cases it still works fine, but as computers become more powerful and capable of generating more traffic, demanding more bandwidth and additional services, new solutions are required. That is why many networks now, or at least in the near future, have to be upgraded. How this should be done is unfortunately usually not obvious. Several different paths can be taken when expanding a network infrastructure, and different solutions are being adopted for different networks. Some of these solutions have a low economic cost in the short run while not offering a long term solution, while other, more expensive, solutions utilize technology that may be adequate for some time to come. Common to most of these solutions is that they must fit into the existing network, since few network operators have the means to completely replace their entire network all at once.

Due to the popularity of Ethernet in recent years, many of these redesign efforts for medium sized networks involve upgrading 10/100 Mbps Ethernet networks to something more powerful. Currently there are two main paths that have been taken when upgrading such networks: Gigabit Ethernet and ATM. Gigabit Ethernet provides a relatively low-cost solution based on old technology, while ATM offers superior technology, but at a higher price.

The network at the University of Skövde, pre-ATM, was based on a distributed switched collapsed backbone, a collection of switched and hub-based Ethernet segments interconnected via a router. The network was divided into 6 physical segments each operating on a separate port on the router. The router was also connected to the Swedish University Network (SUNET) via a 2 Mbps WAN connection to Gothenburg.


A simplified figure of the old network can be seen below.

As implied by this picture the router was the central point in the network. The separate Ethernet segments had to communicate via the router, and the backbone was simply an extension of the Ethernet segments. This topology worked well for some years, but in order to meet ever-increasing demands for speed, efficiency and reliability, and in order to set the ground for tomorrow's high-speed LANs, the decision was taken to invest in a more effective backbone.

When time came for the network backbone to be upgraded, an ATM solution was considered to be a better choice than an Ethernet based solution. An Ethernet based backbone would in the short run probably have served the network as well as the ATM solution, but in the long run an ATM based backbone provides a superior platform for migration to a third generation LAN and is highly scalable.14

Due to the introduction of the ATM backbone, the network took on a very different shape. To the average end user this should have been completely transparent, except for the increased efficiency when communicating over the backbone. Instead of being built around a router, the new network was built around a GIGArray based system of ATM nodes that formed the backbone. The backbone consists of 6 ATM concentrators containing a total of 7 ATM switches. The concentrators also support a number of 10 and 100 Mbps Ethernet switches. As a consequence of this, the network is heavily switched beyond the backbone level, servers on the network either have dedicated 100 Mbps or 10 Mbps connections and several clients also run on dedicated 10 Mbps.

14 This is an extremely important factor since the University is a rapidly expanding organization.

[Figure: the old network. A Router connecting Ethernet 1 to Ethernet 6 and the Internet.]


A simplified image of the ATM backbone plus the router follows.

This image shows the six ATM nodes that make up the backbone. The links between the ATM nodes operate at 155 Mbps. The ‘Network Central’ node holds two ATM switches and the rest of the nodes hold one ATM switch each. Most of the network is built directly around these six nodes. In addition to holding ATM switches they contain 100 and 10 Mbps Ethernet switches and 10 Mbps Ethernet hubs, to which both end systems and additional hubs connect. The switches are configured to use certain default routes when routing traffic through the network, but in the event of failure different routes can be taken where loops or redundant links exist. Although it is possible to configure the network to use load balancing where redundant links exist, this has not yet been done. The capacity of the backbone is adequate as-is and load balancing has not been needed in order to keep up with performance demands. In the three places in the figure where double links are shown, redundant links exist; as already stated, these are only used for redundancy and not for load balancing.

Before giving a more detailed description of the network, some of its building blocks are introduced in more detail.

The router – A Cisco AGS+ with four 10 Mbps Ethernet ports and one serial WAN port in use.

The ATM nodes – Bay Networks System 5000BH concentrators. These concentrators have a double ATM backplane operating at 3.2 Gbps and an Ethernet backplane to provide for backwards compatibility with Ethernet based equipment.

[Figure: the ATM backbone. Nodes: Office Building, Library, Building A, Building B, Building E and Network Central; the Internet Router; ATM Links and Ethernet Links.]


The ATM switches – Bay Networks System 5000 ATMSpeed model 5724M15 with four 155 Mbps ports.

The Ethernet switches – Bay Networks System 5000 EtherSpeed models 5425 and 5328. The 5425 has four 100 Mbps ports and the 5328 has sixteen 10 Mbps ports. These switches communicate directly with the ATM backplane of the 5000BH concentrators.

The Ethernet hubs – Bay Networks System 5000 models 5307 and 5307S; these modules have twenty four 10 Mbps ports. They only communicate with the Ethernet backplane, and when used in an ATM concentrator they need to communicate with the backbone via an Ethernet switch.

In addition two Bay Networks System 3000 concentrators and one Bay Networks System 5000 concentrator with only Ethernet backplanes are used.

We will now present a more detailed image of the network infrastructure.

In addition to this central infrastructure, individual departments within the university have their own hub-based topologies. These are connected to the central infrastructure via the nodes shown in the figure above.

15 As previously mentioned, one of the ATM nodes holds two ATM switches; one of them is a model 5724M but the other one is a model 5724 (the same unit without a Master Control Processor).

[Figure: detailed network infrastructure. ATM nodes (System 5000BH): Office Building, Library, Building A, Building B, Building E, Network Central. Internet Router: Cisco AGS+. Ethernet-only concentrators: Network Central System 5000, Building E 1st floor System 3000, Building E basement System 3000. Hub-based: Building D, Unnamed. External: Hub/Switch hybrid. ATM Links and Ethernet Links shown.]


Through the use of virtual LANs, the network has been divided into three separate segments. Only one of the old Ethernet based networks is still a separate physical segment. Two of the VLANs correspond exactly to physical segments in the old topology; this is due to administrative and security reasons. The third VLAN is a combination of three of the previously separate physical segments. These segments were combined in order to better utilize the ATM backbone. On these three physical segments IPX traffic was a considerable portion of the total traffic. By combining them into a single VLAN the IPX traffic no longer passes through the router, and a big bottleneck has been eliminated. IP traffic originating on different address spaces on this VLAN still must pass through the router and does not benefit from this change in topology. IP and IPX traffic local to the other two VLANs and the external LAN does not pass through the router, but naturally all traffic being sent between different segments must pass through the router.

A simplified image of the logical structure is shown below.

3.2 Expanding the Network

Due to the expansion of the university, a new ATM node and a router with a native ATM connection are to be added to the network. This requires that the ATM backbone be reconfigured in order to incorporate the new equipment. This is where the drawbacks of using GIGArray become apparent. Since the router has a native ATM connection, GIGArray can no longer be used; it simply does not support native connections. Therefore it is necessary to migrate from GIGArray to LANE.

Since the use of LANE and the introduction of the new router completely change the scenario compared to when the current ATM backbone was designed, it is necessary to examine both the physical and logical configuration of the network. It has to be considered whether a new connection scheme might be better suited to LANE than the old one, and the VLAN configuration has to be completely revised. Since the new router is able to route packets between VLANs much more efficiently than the old AGS router, the basis for the old VLAN configuration simply does not exist any more and the VLAN scheme has to be redesigned.

[Figure: logical structure. A Router connecting VLAN 1, VLAN 2, VLAN 3, the External LAN and the Internet.]


It is important that the new network possess the following qualities:

• Responsiveness
• Reliability
• Fault tolerance
• Security
• Flexibility
• Usability
• Scalability
• Manageability

Some examples of institutions migrating to ATM backbones can be read about in [Bay96c], [Bay97c] and [Bay97d]. These deal with three different cases of universities migrating to an ATM based backbone. What these cases have in common with the design effort in this work is that the designers were striving for many of the same goals. Scalability is a big concern as well as the ability to support different types of traffic in the near future. However, there are some differences between those efforts and the current one. For one thing, the effort described here is on a considerably smaller scale. The cases described in [Bay96c], [Bay97c] and [Bay97d] deal with relatively large networks with multiple routers, ATM nodes etc. Also, these are cases of ATM introduction to an existing network structure. This is not the case in the work presented here. In this case ATM has already been introduced to the network and has been in use for several months. The task is to further expand and develop this network. Due to the considerable differences between our case and the cases in [Bay96c], [Bay97c] and [Bay97d], the design methods used there cannot be directly applied to our situation.

3.3 Network Vulnerability Analysis

Currently no plan exists for how to respond to failures in the university network, and no estimates exist of the probability of failures or of how severe failures in the network might be. Even though a vulnerability analysis could be performed as a part of a network management effort, and such an analysis could become very thorough since it would be possible to use data from network management, it has been decided to perform a more lightweight analysis at this point in time, since it can be carried out very rapidly and fits more easily into the project's tight schedule. The reason for performing the analysis is simply that without a plan for how to respond to failures, the network administrator would be caught with his pants down in the event of failure. Therefore a fast, although usable and relevant, vulnerability analysis will be performed in order to provide some guidelines until a more thorough analysis can be made. Since the analysis can be performed rapidly it can easily be kept up-to-date as the network evolves, and a basic understanding of the likelihood and impact of failure can be gained relatively quickly.


Due to the limited time frame of the project, it was decided that the analysis should focus only on the networking devices in the central infrastructure. Higher-level services like DNS and e-mail are not included. The following devices are considered:

• concentrators (ATM nodes and Ethernet concentrators);
• ATM and Ethernet switch modules;
• hub modules; and
• network management modules.

By concentrating on these low-level network devices it is possible to perform a more relevant analysis of the units actually considered in other parts of this report than if other, higher-level units had also been included.

Network vulnerability analysis is considered by many to be a necessary part of network management. Methods do exist for how to perform vulnerability analysis, and certain businesses have even developed and are selling their own methods and approaches. One example of these methods is SBA from Dataföreningen in Sweden. One quality that many of these methods have in common is that they tend to be comprehensive, and thus require quite a bit of time to complete. Due to our time frame this is unacceptable and a faster approach to vulnerability analysis is presented in section 4.2.


4 Methodology

This chapter describes the methods that are used to tackle the problems presented in chapter 3. The first section deals with how one should approach the problem of network design, and in the second section we discuss how the vulnerability analysis is performed.

4.1 Network Design

Network design can be done on many levels ranging from cabling to which NOS to use. Since this project deals with upgrading the backbone architecture of an existing network, there are many factors which cannot be influenced or changed. The cabling between different buildings already exists and must be used by the new design; it would simply not be economically justifiable to design and implement a new cabling scheme and it is questionable whether such a redesign would give any tangible improvement over the current cabling scheme. Thus this design effort does not deal with cabling.

Ideally, an upgrade to a network backbone should not interfere with the end user and the way in which he is used to using the network. For the end user, the only noticeable effect should be that the network becomes more responsive, reliable and so on. He should not have to learn a whole new way of doing his job. In addition to this, a complete restructuring of a medium sized network from the ground up is a huge effort that would probably lead to a series of problems that would take some time to sort out. Because of this, a viable approach is to redesign the backbone in such a way that it interacts with the existing LAN segments without requiring these to be redesigned. For example, when introducing an ATM backbone into an Ethernet architecture it is both economically and administratively appealing to have the backbone simply interconnect the Ethernet segments instead of upgrading the whole network, down to each end system, to ATM.

As mentioned in section 3.2 the network backbone should possess certain qualities. We will now present how the design effort can address these.

• Responsiveness

An ATM backbone will almost always seem very efficient when used to interconnect 10 Mbps Ethernet segments, even if it is poorly designed. For future high-speed LANs this will not be the case; in order to provide these LANs with the necessary speeds, the backbone needs to be well designed. As end systems become ever more powerful and capable of producing large amounts of traffic, the design must be done in such a way that high-speed connections can be provided between end systems that communicate with each other, especially between clients and servers and in some cases from server to server.

With this in mind, network paths should be as short as possible16 in order to minimize latency in the network.

16 With length in this context, we refer to the number of intermediate systems (routers, switches etc) between end systems.


• Reliability

It is difficult to affect the reliability of individual nodes in the network. In order to provide overall network reliability, the best that can be done is to choose reliable components and try to build fault tolerance into the network.

• Fault tolerance

By utilizing the possibilities that ATM gives for redundancy, fault tolerance can be enhanced in some ways. It should be noted that as mentioned earlier, fault tolerance in physical links cannot be affected since the physical links already exist.

• Security

By correctly configuring nodes in the network and keeping security aspects in mind when designing the switched topology, security can be enhanced. For example, it can be made difficult to gain unauthorized access to network nodes or traffic.

• Flexibility

It always takes some effort to change the overall configuration of a medium sized network. Even in a relatively flexible network it is a complicated task to change the configuration. A network that provides VLAN services is, on the other hand, very flexible at the end system level; it is possible to connect an end system to any VLAN anywhere in the network.

• Usability

The logical network should be understandable and make it easier for the user to do his job. In order to make the network usable, it is a good rule to keep it as simple as possible.17

• Scalability

If the network is expected to grow in the near future, and especially if expansions are expected to be frequent, it may be justifiable to sacrifice some responsiveness, security and even usability in order to make the system more scalable. In an ATM backbone utilizing LANE, however, scalability is not a big problem.

• Manageability

If the network is kept as simple as possible it is easier to understand. It is, however, not certain that this simplicity will contribute to manageability. A network that is too simple might prove inflexible and difficult to affect. The design should balance flexibility, usability and scalability to provide manageability.

17 This is not by any means an absolute truth. A simple network is usually easier to understand and use than a complex one, but this is only true as long as the network is not so simple that it makes it difficult for users to complete their tasks.


4.2 Network Vulnerability Analysis

Some principles on vulnerability analysis are presented in [Spo93] and some of these, e.g. mathematical formulas, are used in this report. But Spohn goes much further than can be done here due to time limitations. He addresses vulnerability analysis as a part of the overall network planning strategy, combining it with things like traffic analysis and capacity planning. This obviously gives results that can be used in long-term planning for the network infrastructure, but this is simply not what the current work is supposed to focus on. The focus lies on failure probability and ways of handling failures.

It is possible to perform a quite theoretical vulnerability analysis with mathematical probability models etc. Such an analysis is very complete and thorough, but for the following reasons the analysis described in this report is more lightweight:

• when changes are made in the network a comprehensive analysis is harder to keep up-to-date than a simpler one; and
• the limited time frame of the project does not give room for a time-consuming analysis.

The analysis results in an estimation on how likely failures are and a plan on how to respond to failures when they do occur. The analysis is valuable since it includes guidelines on how to respond to failures and it gives an idea of which failures can be expected and which are unlikely to occur.

The vulnerability analysis is divided into two parts. Firstly the probability of failures is considered, and guidelines for recovery are constructed. Secondly the importance of various parts of the network is considered and an equipment redistribution scheme is constructed. The redistribution scheme should be used when some non-critical part of the network has to be taken down in order to maintain service at some other, critical point in the network.

4.2.1 Probability of Failures

Failure in technical equipment can have external reasons, such as fire or water. Equipment can also stop functioning without any apparent external reason. In this project probability in these two scenarios is considered separately. First, the probability of failure in the equipment is calculated from vendor supplied MTBF information, and later some external causes of failure are considered.

In [Spo93, p534] a method is given for calculating the average number of failures in a technical product over a given time using MTBF. The formula is as follows:

$$\mathrm{Failures} = \frac{t}{\mathrm{MTBF} + \mathrm{MTTR}} \approx \frac{t}{\mathrm{MTBF}}$$

where “t” is the number of hours of operation. In this report it is assumed that MTBF is much greater than MTTR (MTBF >> MTTR), therefore MTTR can be omitted from the formula. This can be done since MTBF for the equipment considered is of the magnitude of 100 khrs, one year is less than 9 khrs, and it should be safe to assume that MTTR for this equipment is a few weeks or months at most and not several years. In this report “t” is always 8760 hours, or one year of operation. Thus, 8760/MTBF gives the average number of failures per year. When using this formula the number of failures is considered to be linear over time, i.e. failures are not considered to become more common as the equipment gets older.

By inserting MTBF into the following formula it can be calculated that on the average one failure should occur every “y” years.

When calculating the average number of failures over a given time in a community of equipment the following formula is used:

x is the number of entities, t is the timeframe (8760 for one year) and MTBF_i is the MTBF for each individual piece of equipment. In plain English, the average number of failures in a community of equipment is considered to be the sum of the average number of failures in each individual piece of equipment.

By using these formulas, probabilities for the following are calculated:

• ATM node stops functioning (failure in a concentrator, ATM MCP switch, power supply or supervisory module);

• 10/100 Mbps switch or hub module somewhere in the network fails; and

• failure in a certain node in the network (concentrator, power supply or some module).

The external causes of failure to be considered are:

• natural catastrophes;
• fire/water;
• power outage – partial, building-wide, campus-wide;
• sabotage – physical and/or logical; and
• administrative failure – error in configuration etc.

We organize these into three levels of probability:

1. highly unlikely (once every 10 or more years);
2. only likely to happen extremely rarely (once every 2-10 years); and
3. likely to happen with certain intervals (once every 6-24 months).

Note that these levels of probability do not strictly relate to individual failures, but rather to the set of failures within each category. For example, if category 2 contains two different incidents, that implies that one of those two, rather than both, is likely to happen every 2-10 years. This may seem a bit general and “fuzzy,” but it suffices for the problem under consideration since it is only supposed to give a general idea of the likelihood of these events.

With this analysis it is possible to get a basic understanding of which failures are likely to occur and how workarounds can be implemented quickly.

The formula for the average number of years between failures in a single unit, referenced above:

$$y = \frac{1}{8760/\mathrm{MTBF}} = \frac{\mathrm{MTBF}}{8760}$$

The formula for the average number of failures in a community of equipment, referenced above:

$$\mathrm{Failures} = \sum_{i=1}^{x} \frac{t}{\mathrm{MTBF}_i}$$


This first part of the vulnerability analysis results in an estimation of the probability of failures in various parts of the network and a recovery plan in the event of those failures.
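The three MTBF formulas of section 4.2.1, worked through on a constructed ATM node (an added example, not code from the dissertation). The MTBF values, the two-week MTTR and the treatment of intervals shorter than six months are placeholder assumptions, not vendor figures or statements from the report.

```python
"""Worked example of the MTBF-based failure estimates from section 4.2.1.

Added example, not from the dissertation. All MTBF and MTTR figures are
constructed placeholders of the order of magnitude the text mentions
(about 100 khrs); the module names echo the Bay Networks models described
in chapter 3, but the numbers are NOT vendor figures.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

HOURS_PER_YEAR = 8760  # "t" is always one year of operation in the report


@dataclass(frozen=True)
class Unit:
    """One piece of equipment with its (placeholder) vendor MTBF."""
    name: str
    mtbf_hrs: float
    mttr_hrs: float = 0.0  # repair time; dropped from the formula when MTBF >> MTTR


def failures_exact(unit: Unit, t: float = HOURS_PER_YEAR) -> float:
    """Failures = t / (MTBF + MTTR): the unapproximated form of Spohn's formula."""
    return t / (unit.mtbf_hrs + unit.mttr_hrs)


def failures_approx(unit: Unit, t: float = HOURS_PER_YEAR) -> float:
    """Failures ~ t / MTBF: the form used in the report, valid when MTBF >> MTTR."""
    return t / unit.mtbf_hrs


def approximation_error(unit: Unit, t: float = HOURS_PER_YEAR) -> float:
    """Relative error from dropping MTTR; algebraically this equals MTTR / MTBF."""
    exact = failures_exact(unit, t)
    return (failures_approx(unit, t) - exact) / exact


def years_between_failures(unit: Unit) -> float:
    """y = 1 / (8760 / MTBF) = MTBF / 8760: average years per failure of one unit."""
    return unit.mtbf_hrs / HOURS_PER_YEAR


def community_failures(units: Iterable[Unit], t: float = HOURS_PER_YEAR) -> float:
    """Failures = sum over i of t / MTBF_i: failures per period for a set of units."""
    return sum(t / u.mtbf_hrs for u in units)


def community_years_between(units: Iterable[Unit]) -> float:
    """Average years between failures anywhere in the community of units."""
    return 1.0 / community_failures(list(units))


def probability_level(years_between: float) -> int:
    """Map an expected failure interval onto the report's three probability levels.

    1 = highly unlikely (once every 10 or more years)
    2 = only likely to happen extremely rarely (once every 2-10 years)
    3 = likely to happen with certain intervals (once every 6-24 months)
    Intervals shorter than 6 months are not classified by the report; this
    example (an assumption) also places them in level 3.
    """
    if years_between >= 10:
        return 1
    if years_between >= 2:
        return 2
    return 3


# Constructed ATM node: the components listed under "ATM node stops functioning"
# in section 4.2.1, with placeholder MTBF values (not vendor data).
ATM_NODE = [
    Unit("System 5000BH concentrator chassis", 400_000),
    Unit("ATMSpeed 5724M MCP switch", 150_000),
    Unit("power supply", 100_000, mttr_hrs=336),  # assumed two weeks to replace
    Unit("supervisory module", 200_000),
]


def node_report(units: Iterable[Unit]) -> List[Tuple[str, float, float, int]]:
    """Per-unit rows of (name, failures per year, years between failures, level)."""
    return [
        (u.name, failures_approx(u), years_between_failures(u),
         probability_level(years_between_failures(u)))
        for u in units
    ]


if __name__ == "__main__":
    for name, per_year, years, level in node_report(ATM_NODE):
        print(f"{name:40s} {per_year:.4f}/yr  one every {years:5.1f} yrs  level {level}")
    node_years = community_years_between(ATM_NODE)
    print(f"whole ATM node: {community_failures(ATM_NODE):.4f} failures/yr, "
          f"one every {node_years:.1f} yrs, level {probability_level(node_years)}")
    ps = ATM_NODE[2]
    print(f"error from dropping MTTR on the {ps.name}: {approximation_error(ps):.2%}")
```

Note how the individual modules each land in level 1 while the node as a whole, being the sum of its parts, drops to level 2.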

4.2.2 Redistribution of Network Resources

Certain parts of the network are vital to the operation of the network as a whole, whilst other parts only affect a small portion of the network. When a failure occurs in a vital part of the network, it may be justifiable to transfer equipment from a less important part of the network to the failing part in order to keep it up-and-running, even if this means bringing down the less important part. Even though a complete plan has not been constructed, some guidelines on how to redistribute equipment in the event of failure have. In order to ease the construction of such guidelines, certain equipment18 is organized according to importance:

1. Critical – Equipment belonging to this class must always function if other parts of the network are supposed to function at all.

2. Important – Service in this class should be kept running if possible without stopping a critical part of the network.

3. Less important – Service in this class may be stopped if critical or important equipment stops functioning and needs to be replaced.

The equipment to be organized into these classes is, as mentioned in section 3.3:

• concentrators (ATM nodes and Ethernet concentrators);
• ATM and Ethernet switch modules;
• hub modules; and
• network management modules.

This part of the vulnerability analysis results in an equipment redistribution scheme based on the organization of network resources into classes of importance.

The results of both parts of the vulnerability analysis are presented in section 5.2.

18. I.e. equipment that can be redistributed: equipment of which more than one unit is found in the network.
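The three classes and footnote 18 together define a small decision rule: a failed unit may only be replaced by a working unit of the same kind taken from a strictly less important service, and only for kinds of which more than one unit exists. The following is an added example, not part of the dissertation, that encodes that rule; the inventory (unit names, locations and class assignments) is constructed for illustration, since the real network's inventory is not given on this page.

```python
"""Equipment redistribution scheme of section 4.2.2 as executable logic.

Added example, not part of the dissertation. The inventory below is
constructed: unit names, locations and class assignments are illustrative,
and the real network's inventory is not given on this page.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Set


class Importance(IntEnum):
    CRITICAL = 1        # must always function
    IMPORTANT = 2       # keep running if possible without stopping a critical part
    LESS_IMPORTANT = 3  # may be stopped to replace critical or important equipment


@dataclass
class Unit:
    unit_id: str
    kind: str            # e.g. "ATM switch module", "hub module"
    location: str        # the service the unit currently provides
    importance: Importance
    working: bool = True


def redistributable_kinds(inventory: List[Unit]) -> Set[str]:
    """Footnote 18: only equipment of which more than one unit exists can be moved."""
    counts: Dict[str, int] = {}
    for u in inventory:
        counts[u.kind] = counts.get(u.kind, 0) + 1
    return {kind for kind, n in counts.items() if n > 1}


def find_donor(inventory: List[Unit], failed: Unit) -> Optional[Unit]:
    """Choose a working unit of the same kind from a strictly less important service.

    - A critical service may take from important or less important equipment.
    - An important service may only take from less important equipment, so a
      critical part is never stopped.
    - A less important service takes from nothing; it waits for a replacement.
    Among candidates the least important donor is preferred, so an important
    service is not stopped while a less important one could be stopped instead.
    """
    if failed.kind not in redistributable_kinds(inventory):
        return None
    candidates = [
        u for u in inventory
        if u.working and u.unit_id != failed.unit_id
        and u.kind == failed.kind and u.importance > failed.importance
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda u: u.importance)


def redistribute(inventory: List[Unit], failed_id: str) -> Dict[str, Optional[str]]:
    """Record the failure and, if a donor exists, move it into the failed slot.

    The donor takes over the failed unit's location and importance; the
    service it came from is left without that unit until a replacement arrives.
    """
    matches = [u for u in inventory if u.unit_id == failed_id]
    if not matches:
        raise ValueError(f"unknown unit {failed_id}")
    failed = matches[0]
    failed.working = False
    donor = find_donor(inventory, failed)
    if donor is None:
        return {"failed": failed_id, "donor": None, "stopped_service": None}
    stopped = donor.location
    donor.location = failed.location
    donor.importance = failed.importance
    return {"failed": failed_id, "donor": donor.unit_id, "stopped_service": stopped}


def sample_inventory() -> List[Unit]:
    """Constructed inventory covering the equipment types listed in section 3.3."""
    return [
        Unit("atm-nc", "ATM switch module", "network central", Importance.CRITICAL),
        Unit("atm-a", "ATM switch module", "building A", Importance.IMPORTANT),
        Unit("atm-d", "ATM switch module", "building D", Importance.LESS_IMPORTANT),
        Unit("hub-lib", "hub module", "library", Importance.CRITICAL),
        Unit("nm-1", "network management module", "network central", Importance.CRITICAL),
        Unit("nm-2", "network management module", "office building", Importance.LESS_IMPORTANT),
    ]


if __name__ == "__main__":
    inv = sample_inventory()
    print(redistribute(inv, "atm-nc"))   # donor taken from building D
    print(redistribute(inv, "atm-a"))    # atm-d now critical; nothing less important left
    print(redistribute(inv, "hub-lib"))  # single hub module: not redistributable
```

Running the three failures in sequence shows the two limits of the scheme: once the less important switch module has been moved into the critical slot, a later failure of the important module finds no donor, because the rule never stops a critical part for an important one, and a kind of which only one unit exists (the hub module here) is never a candidate at all. Both cases are where a spare on the shelf, rather than redistribution, is the only recovery.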


5 Implementation/Results

In section 5.1 the new ATM backbone design is presented. In section 5.2 the results of the vulnerability analysis are presented.

5.1 Network Design

In this section we present both the physical and logical configuration of the network. First we present a description of the physical design and continue with a description of the logical VLAN configuration.

Since the new ATM router requires a native ATM connection to the network, GIGArray can no longer be used; native ATM connections require LANE. With LANE in place it is no longer necessary to configure PVCs between the ATM switches, because paths are set up dynamically. This makes it much easier to add new ATM nodes in the future, since the entire network does not have to be reconfigured. Another benefit of ATM that the new design makes use of is load balancing over redundant links. Until now, redundant links have been used only to increase the reliability of the network. In the new configuration the double links between the network central and building E, and between buildings A and B, are used for load balancing. The figure below shows the new ATM backbone.

By taking advantage of the large number of ATM switch ports in the network some redundancy is obtained, this redundancy gives a certain amount of fault tolerance and makes it possible to use load balancing.

The network consists of more than just the ATM backbone. The following figure provides an overview of the entire network.

[Figure: the new ATM backbone. ATM links and the ATM router connect the Network Central, Office Building, Library, Building A, Building B, Building D and Building E.]


As can be seen in this picture, the ATM backbone makes up the center of the network. Attached to that center are some Ethernet based networks. It should also be noted that in this new design the AGS router is connected to the network via only one Ethernet link, as opposed to four in the old design. This is due to the fact that the AGS now acts only as a gateway to the Internet. The new ATM router does all routing between internal networks and between internal networks and the AGS. Since the serial link connecting the AGS to the Internet is only 2 Mbps, the single 10 Mbps connection to the internal network is not a bottleneck.

The old VLAN configuration is very simple, using only three VLANs. This is due to the fact that the AGS router is a big bottleneck in the ATM network and by using few VLANs it was possible to eliminate the need to route a considerable portion of the IPX traffic in the network. Since the new ATM router is much more effective, the need for this optimization no longer exists and other factors, such as security, can be considered. Below is an image of the new VLAN configuration.

[Figure: overview of the entire network. The ATM backbone (ATM links, ATM router) connects the Network Central, Office Building, Library and Buildings A, B, D and E, and reaches the Internet via the AGS router. Attached Ethernet segments: a System 5000 in the Network Central, a System 3000 on Building E 1st floor and another in the Building E basement, an external network, a hub/switch hybrid and an unnamed hub-based network.]


The bubbles represent VLANs and the boldfaced text in the bubbles is the VLAN's name. The first six VLANs are named after the IP address space they house. E.g., VLAN 176 houses the 193.10.176.X address space. The seventh VLAN is only meant for the AGS router. By putting the router on a separate VLAN, it becomes transparent to users of the network. The ATM router performs all internal routing. Packets meant for the Internet are routed onto the seventh VLAN, where the AGS takes over and routes them on to the Internet. The AGS acts as a gateway only and does not enforce any access control; all access control between VLANs and towards the Internet is therefore enforced at a single point, the ATM router.

We now end with a brief discussion of whether or not the points mentioned in section 4.1 have been met. Since the new network has at this time neither been tested nor simulated, nothing can be said with absolute certainty about how well the network performs. Certain assumptions can, however, be made.

• Responsiveness

Since the backbone links have far more capacity than the end system links, the ATM backbone should not be a bottleneck in the network. Since the AGS router no longer routes traffic between different VLANs, responsiveness has been considerably improved.

[Figure: the new VLAN configuration. VLANs 176, 178, 179, 182, 185 and 180-183 are interconnected through the ATM router; the INTERNET VLAN connects the ATM router to the AGS router; VLANs 9-14 are reserved.]


• Reliability

A certain amount of redundancy exists in the network. Multiple links exist between the ATM nodes, and even if one node goes down, connections between all the others still exist. Due to the physical configuration of the links the network does not tolerate link failures better than before; node failures, on the other hand, can be tolerated more easily and would not partition the network as easily as before.

• Security

Although the network is not physically highly secure, access to the nodes is relatively restricted (i.e. they are kept in locked rooms). Physical security has not been affected by the redesign.

• Flexibility

The network is quite flexible. Due to the use of dynamic links between ATM nodes it is relatively easy to add or remove nodes and to change the link configuration. When GIGArray was being used, this was quite difficult, since the entire PVC configuration had to be redone when changing the network. In short, the transition from GIGArray to LANE has made the network more flexible.

• Usability

The backbone is entirely transparent to the end user. All the user sees is a collection of networks and a link to the Internet. Usability should not have been affected by the redesign, except for the fact that the network is now more effective than before.

• Scalability

This ATM LANE based backbone solution is highly scalable. It is possible to expand the network extensively by adding new ATM nodes, and it is also possible to migrate high-traffic systems (such as servers) to native ATM connections. Since it was impossible to natively connect servers before the redesign, and the introduction of new nodes required considerably more work, the network has to be considered more scalable after the redesign.

• Manageability

Specialized software exists for managing the network. However, not very much can be said about this point without some practical experience of the network.

References
